<!doctype html><html lang dir=ltr><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><title>IBM QRadar - Introduction | Hui.Ke - Blog</title><meta name=generator content="Hugo Eureka 0.9.3"><link rel=stylesheet href=https://b.hui.ke/css/eureka.min.9cec6350e37e534b0338fa9a085bf06855de3b0f2dcf857e792e5e97b07ea905d4d5513db554cbc26a9c3da622bae92d.css><script defer src=https://b.hui.ke/js/eureka.min.fa9a6bf6d7a50bb635b4cca7d2ba5cf3dfb095ae3798773f1328f7950028b48c17d06276594e1b5f244a25a6c969a705.js></script>
<link rel=preconnect href=https://fonts.googleapis.com><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=preload href="https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap" as=style onload='this.onload=null,this.rel="stylesheet"'><link rel=stylesheet href=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/styles/vs.min.css media=print onload='this.media="all",this.onload=null' crossorigin><script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/bash.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ini.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/json.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/php.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/python.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/shell.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/sql.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/x86asm.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/xml.min.js crossorigin></script>
<link rel=stylesheet href=https://b.hui.ke/css/highlightjs.min.2958991528e43eb6fc9b8c4f2b8e052f79c4010718e1d1e888a777620e9ee63021c2c57ec7417a3108019bb8c41943e6.css media=print onload='this.media="all",this.onload=null'><script defer type=text/javascript src=https://lib.baomitu.com/font-awesome/6.1.1/js/all.min.js></script>
<link rel=stylesheet href=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css integrity=sha384-MlJdn/WNKDGXveldHDdyRP1R4CTHr3FeuDNfhsLPYrq2t0UBkUdK2jyTnXPEK1NQ media=print onload='this.media="all",this.onload=null' crossorigin><script defer src=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js integrity=sha384-VQ8d8WVFw0yHhCk5E8I86oOhv48xLpnDZx5T9GogA/Y84DcCKWXDmSDfn13bzFZY crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js integrity=sha384-+XBljXPPiv+OzfbB3cVmLHf4hdUFHlWNZN5spNQ7rmHTXpd7WvJum6fIACpNNfIR crossorigin></script>
<script>document.addEventListener("DOMContentLoaded",function(){renderMathInElement(document.body,{delimiters:[{left:"$$",right:"$$",display:!0},{left:"$",right:"$",display:!1},{left:"\\(",right:"\\)",display:!1},{left:"\\[",right:"\\]",display:!0}]})})</script><script defer src=https://cdn.jsdelivr.net/npm/mermaid@8.14.0/dist/mermaid.min.js integrity=sha384-atOyb0FxAgN9LyAc6PEf9BjgwLISyansgdH8/VXQH8p2o5vfrRgmGIJ2Sg22L0A0 crossorigin></script>
<link rel=icon type=image/png sizes=32x32 href=https://b.hui.ke/icon_hub7ca0b5404c6d576559b2bd22c64b0e5_2009_32x32_fill_box_center_3.png><link rel=apple-touch-icon sizes=180x180 href=https://b.hui.ke/icon_hub7ca0b5404c6d576559b2bd22c64b0e5_2009_180x180_fill_box_center_3.png><meta name=description content="This post is a set of study notes on IBM QRadar presentation deck No. 1, 'Introduction to QRadar'. It is for study and discussion only and is not official IBM QRadar documentation. To learn about IBM QRadar, consult IBM directly."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://b.hui.ke/posts/"},{"@type":"ListItem","position":2,"name":"IBM QRadar - Introduction","item":"https://b.hui.ke/posts/ibm-qradar-1/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://b.hui.ke/posts/ibm-qradar-1/"},"headline":"IBM QRadar - Introduction | Hui.Ke - Blog","datePublished":"2021-06-11T11:32:34+08:00","dateModified":"2021-06-11T11:32:34+08:00","wordCount":1089,"author":{"@type":"Person","name":"Hui.ke"},"publisher":{"@type":"Person","name":"Hui.Ke","logo":{"@type":"ImageObject","url":"https://b.hui.ke/icon.png"}},"description":"\u003cp\u003eThis post is a set of \u003cstrong\u003estudy notes\u003c\/strong\u003e on IBM QRadar presentation deck No. 1, 'Introduction to QRadar'. It is for study and discussion only and is \u003cstrong\u003enot\u003c\/strong\u003e \u003cdel\u003eofficial IBM QRadar documentation\u003c\/del\u003e. To learn about IBM QRadar, consult IBM directly.\u003c\/p\u003e"}</script><meta property="og:title" content="IBM QRadar - Introduction | Hui.Ke - Blog"><meta property="og:type" content="article"><meta property="og:image" content="https://b.hui.ke/icon.png"><meta property="og:url" content="https://b.hui.ke/posts/ibm-qradar-1/"><meta property="og:description" content="This post is a set of study notes on IBM QRadar presentation deck No. 1, 'Introduction to QRadar'. It is for study and discussion only and is not official IBM QRadar documentation. To learn about IBM QRadar, consult IBM directly."><meta property="og:site_name" content="Hui.Ke - Blog"><meta 
property="article:published_time" content="2021-06-11T11:32:34+08:00"><meta property="article:modified_time" content="2021-06-11T11:32:34+08:00"><meta property="article:section" content="posts"><meta property="article:tag" content="QRadar"><meta property="article:tag" content="Security Intelligence"><meta property="article:tag" content="SIEM"><meta property="og:see_also" content="https://b.hui.ke/posts/ibm-qradar-2/"><script>!function(e){"use strict";!function(){var i,s=window,o=document,a=e,c="".concat("https:"===o.location.protocol?"https://":"http://","sdk.51.la/js-sdk-pro.min.js"),n=o.createElement("script"),r=o.getElementsByTagName("script")[0];n.type="text/javascript",n.setAttribute("charset","UTF-8"),n.async=!0,n.src=c,n.id="LA_COLLECT",a.d=n,i=function(){s.LA.ids.push(a)},s.LA?s.LA.ids&&i():(s.LA=e,s.LA.ids=[],i()),r.parentNode.insertBefore(n,r)}()}({id:"Jgb8aUbG5e3rqhrs",ck:"Jgb8aUbG5e3rqhrs",autoTrack:!0,hashMode:!0})</script><body class="flex min-h-screen flex-col"><header class="min-h-16 pl-scrollbar bg-secondary-bg fixed z-50 flex w-full items-center shadow-sm"><div class="mx-auto w-full max-w-screen-xl"><script>let storageColorScheme=localStorage.getItem("lightDarkMode");((storageColorScheme=="Auto"||storageColorScheme==null)&&window.matchMedia("(prefers-color-scheme: dark)").matches||storageColorScheme=="Dark")&&document.getElementsByTagName("html")[0].classList.add("dark")</script><nav class="flex items-center justify-between flex-wrap px-4 py-4 md:py-0"><a href=/ class="me-6 text-primary-text text-xl font-bold">Hui.Ke - Blog</a>
<button id=navbar-btn class="md:hidden flex items-center px-3 py-2" aria-label="Open Navbar">
<i class="fas fa-bars"></i></button><div id=target class="hidden block md:flex md:grow md:justify-between md:items-center w-full md:w-auto text-primary-text z-20"><div class="md:flex md:h-16 text-sm md:grow pb-4 md:pb-0 border-b md:border-b-0"><a href=/posts/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 selected-menu-item me-4">Posts</a>
<a href=/docs/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">Docs</a>
<a href=/categories/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">Categories</a>
<a href=/series/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">Series</a>
<a href=/tags/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">Tags</a>
<a href=/love/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">Love</a>
<a href=/about/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">About</a></div><div class=flex><div class="relative pt-4 md:pt-0"><div class="cursor-pointer hover:text-eureka" id=lightDarkMode><i class="fas fa-adjust"></i></div><div class="fixed hidden inset-0 opacity-0 h-full w-full cursor-default z-30" id=is-open></div><div class="absolute flex flex-col start-0 md:start-auto end-auto md:end-0 hidden bg-secondary-bg w-48 rounded py-2 border border-tertiary-bg cursor-pointer z-40" id=lightDarkOptions><span class="px-4 py-1 hover:text-eureka" name=Light>Light</span>
<span class="px-4 py-1 hover:text-eureka" name=Dark>Dark</span>
<span class="px-4 py-1 hover:text-eureka" name=Auto>Auto</span></div></div></div></div><div class="fixed hidden inset-0 opacity-0 h-full w-full cursor-default z-0" id=is-open-mobile></div></nav><script>let element=document.getElementById("lightDarkMode");storageColorScheme==null||storageColorScheme=="Auto"?document.addEventListener("DOMContentLoaded",()=>{window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change",switchDarkMode)}):storageColorScheme=="Light"?(element.firstElementChild.classList.remove("fa-adjust"),element.firstElementChild.setAttribute("data-icon","sun"),element.firstElementChild.classList.add("fa-sun")):storageColorScheme=="Dark"&&(element.firstElementChild.classList.remove("fa-adjust"),element.firstElementChild.setAttribute("data-icon","moon"),element.firstElementChild.classList.add("fa-moon")),document.addEventListener("DOMContentLoaded",()=>{getcolorscheme(),switchBurger()})</script></div></header><main class="grow pt-16"><div class=pl-scrollbar><div class="mx-auto w-full max-w-screen-xl lg:px-4 xl:px-8"><div class="grid grid-cols-2 gap-4 lg:grid-cols-8 lg:pt-12"><div class="bg-secondary-bg col-span-2 rounded px-6 py-8 lg:col-span-6"><article class=prose><h1 class=mb-4>IBM QRadar - Introduction</h1><div class="text-tertiary-text not-prose mt-2 flex flex-row flex-wrap items-center"><div class="me-6 my-2"><i class="fas fa-calendar me-1"></i>
<span>2021-06-11</span></div><div class="me-6 my-2"><i class="fa-solid fa-pen-to-square me-1"></i>
<span>2021-06-11</span></div><div class="me-6 my-2"><i class="fas fa-clock me-1"></i>
<span>3 min read</span></div><div class="me-6 my-2"><i class="fas fa-folder me-1"></i>
<a href=https://b.hui.ke/categories/it/ class=hover:text-eureka>IT</a></div><div class="me-6 my-2"><i class="fas fa-th-list me-1"></i>
<a href=https://b.hui.ke/series/ibm/ class=hover:text-eureka>IBM</a></div><div class="me-6 my-2"><i class="fa-solid fa-eye me-1"></i>
<span id=busuanzi_value_page_pv><i class="fa fa-spinner fa-spin"></i></span> Hits</div></div><p>This post is a set of <strong>study notes</strong> on IBM QRadar presentation deck No. 1, "Introduction to QRadar". It is for study and discussion only and is <strong>not</strong> <del>official IBM QRadar documentation</del>. To learn about IBM QRadar, consult IBM directly.</p><h2 id=an-integrated-and-intelligent-security-immune-system>An integrated and intelligent security immune system</h2><h3 id=一个中心security-analytics-and-orchestration>One center: Security Analytics and Orchestration</h3><ol><li>Cognitive security</li><li>Vulnerability management</li><li>Threat and anomaly detection</li><li>User behavior analysis</li><li>Incident response</li><li>Threat hunting and investigation</li></ol><h3 id=九个方面>Nine areas</h3><ol><li>Network<ol><li>Network forensics and threat management</li><li>Firewalls</li><li>Sandboxing</li><li>Virtual patching</li><li>Network visibility and segmentation</li></ol></li><li>Advanced Fraud<ol><li>Fraud protection</li><li>Criminal detection</li></ol></li><li>Identity and Access<ol><li>Privileged identity management</li><li>Entitlements and roles</li><li>Access management</li><li>Identity management</li></ol></li><li>Cloud<ol><li>Cloud access security broker</li><li>Workload protection</li></ol></li><li>Data and Apps<ol><li>Data monitoring</li><li>Data access control</li><li>Application scanning</li><li>Application security management</li></ol></li><li>Mobile<ol><li>Transaction protection</li><li>Device management</li><li>Content security</li></ol></li><li>Endpoint<ol><li>Endpoint detection and response</li><li>Endpoint patching and management</li><li>Malware protection</li></ol></li><li>Threat Intelligence<ol><li>IP reputation</li><li>Indicators of compromise</li><li>Threat sharing</li></ol></li><li>Security Ecosystem</li></ol><h2 id=ibm-security-immune-system-portfolio>IBM security immune system portfolio</h2><h3 id=一个中心security-analytics-and-orchestration-1>One center: Security Analytics and Orchestration</h3><ol><li>Cognitive security - QRadar Advisor with 
Watson</li><li>Vulnerability management - QRadar Vulnerability / Risk Manager</li><li>Threat and anomaly detection - QRadar SIEM</li><li>User behavior analysis - QRadar User Behavior Analytics</li><li>Incident response - Resilient Incident Response</li><li>Threat hunting and investigation - i2 Enterprise Insight Analysis</li></ol><h3 id=九个方面-1>Nine areas</h3><ol><li>Network<ol><li>QRadar Network Security (XGS)</li><li>QRadar Incident Forensics</li></ol></li><li>Advanced Fraud<ol><li>Trusteer Pinpoint</li><li>Trusteer Mobile</li><li>Trusteer Rapport</li></ol></li><li>Identity and Access<ol><li>Identity Governance and Access</li><li>Privileged Identity Manager</li><li>Cloud Identity Service</li><li>zSecure</li></ol></li><li>Cloud<ol><li>Cloud Security</li></ol></li><li>Data and Apps<ol><li>Guardium</li><li>Key Manager</li><li>AppScan</li></ol></li><li>Mobile<ol><li>MaaS 360</li></ol></li><li>Endpoint<ol><li>BigFix</li></ol></li><li>Threat Intelligence<ol><li>X-Force Exchange</li></ol></li><li>Security Ecosystem<ol><li>App Exchange</li></ol></li></ol><h2 id=the-qradar-ecosystem--intelligent-detection>The QRadar Ecosystem – Intelligent Detection</h2><ol><li>Predict and prioritize security weaknesses<ul><li>Gather threat intelligence information</li><li>Manage vulnerabilities and risks</li><li>Augment vulnerability scan data with context for optimized prioritization</li><li>Manage device configurations (firewalls, switches, routers, IPS/IDS)</li></ul></li><li>Detect deviations to identify malicious activity<ul><li>Establish baseline behaviors</li><li>Monitor and investigate anomalies</li><li>Monitor network flows</li></ul></li><li>React in real time to exploits<ul><li>Correlate logs, events, network flows, identities, assets, vulnerabilities, and configurations, and add context</li><li>Use automated and cognitive solutions to make data actionable by existing staff</li></ul></li></ol><h2 id=what-is-security-intelligence>What is Security Intelligence?</h2><p>The real-time collection, normalization, and analytics of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise</p><h2 id=ibm-qradar-vulnerability-manager>IBM QRadar Vulnerability Manager</h2><p>Scan, assess, and remediate vulnerabilities</p><ul><li>Contains an embedded, well-proven, scalable, analyst-recognized vulnerability detection engine that detects more than 70,000 vulnerabilities</li><li>Integrates into the QRadar ecosystem</li><li>Is present on all QRadar event and flow collector and processor appliances (QRadar 7.2 and up) as well as QRadar data nodes (QRadar 7.2.8 and up)</li><li>Integrates with endpoint management (IBM BigFix), web application security (IBM AppScan), database security (IBM Guardium), and network management (IBM Security SiteProtector)</li><li>Leverages QRadar Risk Manager to report which vulnerabilities are blocked by your IPS and FW</li><li>Uses QFlow to report if a vulnerable application is active</li><li>Presents a prioritized list of 
vulnerabilities you should deal with as soon as possible</li></ul><h2 id=ibm-qradar-risk-manager>IBM QRadar Risk Manager</h2><p>Scan, assess, and remediate risks</p><ul><li>Network topology model based on security device configurations enables visualization of actual and potential network traffic patterns</li><li>Policy engine correlates network topology, asset vulnerabilities and configuration, and actual network traffic to quantify and prioritize risk, enabling risk-prioritized remediation and compliance checking, alerting, and reporting</li><li>Centralizes network security device configuration data and discovers configuration errors; monitors firewall rule activity</li><li>Models threat propagation and simulates network topology changes</li></ul><h2 id=ibm-qradar-siem>IBM QRadar SIEM</h2><p>Web-based command console for Security Intelligence</p><ul><li>Delivers actionable insight, focusing security teams on high-probability incidents: Employs rules-based correlation of events, flows, assets, topologies, and vulnerabilities</li><li>Detects and tracks malicious activity over extended time periods, helping uncover advanced threats often missed by other solutions: Consolidates “big data” security incidents within purpose-built, federated database repository</li><li>Provides anomaly detection to complement existing perimeter defenses: Calculates identity and application baseline profiles to assess abnormal conditions</li><li>Provides deep visibility into network, user, and application activity</li><li>Provides reliable, tamper-proof log storage for forensic investigations and evidentiary use</li></ul><h2 id=qradar-embedded-intelligence-offers-automated-offense-identification>QRadar embedded intelligence offers automated offense identification</h2><ol><li>Extensive Data Sources<ol><li>Security devices</li><li>Servers and mainframes</li><li>Network and virtual activity</li><li>Data activity</li><li>Application activity</li><li>Configuration 
information</li><li>Vulnerabilities and threats</li><li>Users and identities</li><li>Global threat intelligence</li></ol></li><li>Correlation<ol><li>Logs/events</li><li>Flows</li><li>IP reputation</li><li>Geographic location</li></ol></li><li>Activity baselining and anomaly detection<ol><li>User activity</li><li>Database activity</li><li>Application activity</li><li>Network activity</li></ol></li><li>Offense identification<ol><li>Credibility</li><li>Severity</li><li>Relevance</li></ol></li></ol><h2 id=qradar-embedded-intelligence-directs-focus-for-investigations>QRadar embedded intelligence directs focus for investigations</h2><p>Directed forensics investigations</p><ul><li>Reduce time to resolution: Through intuitive forensic workflow</li><li>Use intuition more than technical training</li><li>Determine root cause and prevent recurrences</li></ul><h2 id=benefits-of-ibm-security-intelligence-approach-using-qradar>Benefits of IBM Security Intelligence approach using QRadar</h2><ul><li>Incident Forensics and Response</li><li>Compliance Reporting</li><li>Cognitive Security</li><li>User Behavior Analytics</li><li>Vulnerability and Risk Management</li><li>Threat and Anomaly Protection</li></ul><h2 id=providing-functional-context>Providing functional context</h2><p>To enable security analysts to perform investigations, QRadar SIEM correlates information such as:</p><ul><li>Point in time</li><li>Offending users</li><li>Origins</li><li>Targets</li><li>Asset information</li><li>Vulnerabilities</li><li>Known threats</li><li>Behavioral analytics</li><li>Cognitive analytics</li></ul><h2 id=network-flow-analytics>Network flow analytics</h2><ul><li>Provides insight into raw network traffic: Attackers can interfere with logging to erase their tracks, but they cannot cut off the network (flow data)</li><li>Allows deep packet inspection for Layer 7 flow data: Pivoting, drill-down, and data-mining activities on flow sources allow for advanced detection and forensics</li><li>Helps to 
detect anomalies that might otherwise be missed</li><li>Helps to detect zero-day attacks that have no signature</li><li>Provides visibility into all attacker communications</li><li>Uses passive monitoring to build asset profiles and classify hosts</li><li>Improves network visibility and helps resolve traffic problems</li></ul><h2 id=extensible-functional-architecture>Extensible functional architecture</h2><ol><li>Cognitive Analytics<ol><li><strong>QRadar Sense Analytics</strong> allows you to inspect events, flows, users, and more</li><li>Speed analysis with <strong>visuals, query, and auto-discovery</strong> across the platform</li><li>Augment your analysts’ knowledge and insights with <strong>QRadar Advisor with Watson</strong></li></ol></li><li>Open Ecosystem<ol><li><strong>IBM Security App Exchange</strong> provides access to apps from leading security partners</li><li><strong>Out-of-the-box integrations</strong> for 500+ third-party security products</li><li><strong>Open APIs</strong> allow for custom integrations and apps</li></ol></li><li>Deep Threat Intelligence and Analysis<ol><li><strong>IBM X-Force Exchange</strong> helps you stay ahead of the latest threats and attacks</li><li>Extend investigations to cyber threat analysis with <strong>i2 Enterprise Insight Analysis</strong></li><li>Powered by the X-Force Research team and <strong>700TB+ of threat data</strong></li><li>Share data with a <strong>collaborative portal</strong> and STIX / TAXII standards</li></ol></li></ol></article><div class=my-4><a href=https://b.hui.ke/tags/qradar/ class="inline-block bg-tertiary-bg text-sm rounded px-3 py-1 my-1 me-2 hover:text-eureka">#QRadar</a>
<a href=https://b.hui.ke/tags/security-intelligence/ class="inline-block bg-tertiary-bg text-sm rounded px-3 py-1 my-1 me-2 hover:text-eureka">#Security Intelligence</a>
<a href=https://b.hui.ke/tags/siem/ class="inline-block bg-tertiary-bg text-sm rounded px-3 py-1 my-1 me-2 hover:text-eureka">#SIEM</a></div><div class=py-2><div class="my-8 flex flex-col items-center md:flex-row"><a href=https://b.hui.ke/authors/hui.ke/ class="md:me-4 text-primary-text h-24 w-24"><img src=https://b.hui.ke/bagua.webp class="bg-primary-bg w-full rounded-full" alt=Avatar></a><div class="mt-4 w-full md:mt-0 md:w-auto"><a href=https://b.hui.ke/authors/hui.ke/ class="mb-2 block border-b pb-1 text-lg font-bold"><h3>Hui.Ke</h3></a><span class="block pb-2">❤ Cyber Security | Safety is a priority.</span>
<a href=mailto:3199731997@qq.com class=me-2><i class="fas fa-envelope"></i></a>
<a href="https://wpa.qq.com/msgrd?v=3&uin=3199731997" class=me-2><i class="fab fa-qq"></i></a>
<a href=/images/aixinxianquan.webp class=me-2><i class="fab fa-weixin"></i></a></div></div></div><div class="-mx-2 mt-4 flex flex-col border-t px-2 pt-4 md:flex-row md:justify-between"><div><span class="text-primary-text block font-bold">Previous</span>
<a href=https://b.hui.ke/posts/ibm-qradar-2/ class=block>IBM QRadar - Forgot Password</a></div><div class="mt-4 md:mt-0 md:text-right"><span class="text-primary-text block font-bold">Next</span>
<a href=https://b.hui.ke/posts/transfer-files-with-rsync/ class=block>Transfer Files with rsync over SSH</a></div></div><div id=valine-comments class=mt-4></div><script defer src=https://cdn.jsdelivr.net/npm/valine@1.4.16/dist/Valine.min.js integrity=sha384-e0+DNUCJo75aOAzHQbFWYBCM9/S4f0BhRJXvEgbE3mMS85RM20MSSGStHuNdY2QK crossorigin></script>
<script>document.addEventListener("DOMContentLoaded",function(){new Valine({el:"#valine-comments",appId:"BQnVqWIiq78AdqwyhvBVAa3y-MdYXbMMI",appKey:"RKg5By312YjM8rU6WkkfK9IN",recordIP:"true",serverURLs:"https://l.hui.ke",visitor:"true"})})</script></div><div class=col-span-2><div class="bg-secondary-bg prose max-w-none rounded p-6"><h3>Series of Posts</h3><a href=https://b.hui.ke/posts/ibm-qradar-2/ class=no-underline>IBM QRadar - Forgot Password</a><br><a href=https://b.hui.ke/posts/ibm-qradar-1/ class=no-underline>IBM QRadar - Introduction</a><br></div><div class="bg-primary-bg
prose sticky top-16 z-10 hidden px-6 py-4 lg:block"><h3>On This Page</h3></div><div class="sticky-toc hidden px-6 pb-6 lg:block"><nav id=TableOfContents><ul><li><a href=#an-integrated-and-intelligent-security-immune-system>An integrated and intelligent security immune system</a><ul><li><a href=#一个中心security-analytics-and-orchestration>One center: Security Analytics and Orchestration</a></li><li><a href=#九个方面>Nine areas</a></li></ul></li><li><a href=#ibm-security-immune-system-portfolio>IBM security immune system portfolio</a><ul><li><a href=#一个中心security-analytics-and-orchestration-1>One center: Security Analytics and Orchestration</a></li><li><a href=#九个方面-1>Nine areas</a></li></ul></li><li><a href=#the-qradar-ecosystem--intelligent-detection>The QRadar Ecosystem – Intelligent Detection</a></li><li><a href=#what-is-security-intelligence>What is Security Intelligence?</a></li><li><a href=#ibm-qradar-vulnerability-manager>IBM QRadar Vulnerability Manager</a></li><li><a href=#ibm-qradar-risk-manager>IBM QRadar Risk Manager</a></li><li><a href=#ibm-qradar-siem>IBM QRadar SIEM</a></li><li><a href=#qradar-embedded-intelligence-offers-automated-offense-identification>QRadar embedded intelligence offers automated offense identification</a></li><li><a href=#qradar-embedded-intelligence-directs-focus-for-investigations>QRadar embedded intelligence directs focus for investigations</a></li><li><a href=#benefits-of-ibm-security-intelligence-approach-using-qradar>Benefits of IBM Security Intelligence approach using QRadar</a></li><li><a href=#providing-functional-context>Providing functional context</a></li><li><a href=#network-flow-analytics>Network flow analytics</a></li><li><a href=#extensible-functional-architecture>Extensible functional architecture</a></li></ul></nav></div><script>window.addEventListener("DOMContentLoaded",()=>{enableStickyToc()})</script></div></div><script>document.addEventListener("DOMContentLoaded",()=>{hljs.highlightAll()})</script></div></div></main><footer 
class=pl-scrollbar><div class="mx-auto w-full max-w-screen-xl"><div class="text-center p-6 pin-b"><script async src=/js/click.js></script><div id=poem_ip></div><script type=text/javascript>jinrishici.load(function(e){tags.innerHTML=e.data.matchTags})</script><div><span id=timeDate>Loading days...</span><span id=times>Loading time...</span>
<script async src=/js/duration.js></script></div><a href=https://www.foreverblog.cn/go.html target=_blank><img src=https://img.foreverblog.cn/wormhole_4_tp.gif alt style=display:inline-block;width:auto;height:32px title="Wormhole: visit a random friend-link blog from the Ten-Year Pact"></a><p class="text-sm text-tertiary-text"><script async src=//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js></script>Total site visits: <span id=busuanzi_value_site_pv></span>
&#183; You are visitor number <span id=busuanzi_value_site_uv></span> to this site</p><script async src=/js/tab.js></script></div></div></footer></body></html>